Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

PHP 5.4.x < 5.4.1 Multiple Vulnerabilities

Medium

Synopsis

The remote web server uses a version of PHP that is affected by multiple vulnerabilities.

Description

PHP versions 5.4.x earlier than 5.4.1 are affected by the following vulnerabilities :

- The '$_FILES' variable can be corrupted because the names of uploaded files are not properly validated. (CVE-2012-1172)

- The 'open_basedir' directive is not properly handled by the functions 'readline_write_history' and 'readline_read_history'.

- It's possible to bypass an HTTP response-splitting protection because the 'sapi_header_op()' function in main/SAPI.c does not properly determine a pointer during checks for encoded carriage return characters. (Bug #60227 / CVE-2012-4388)

Solution

Upgrade to PHP version 5.4.1 or later.